Document Management System (DMS)

Store, organise, and manage legal documents of various formats that can be accessed and shared securely with intended parties. Features include version control and audit trail.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Cloud and Multi-Device Accessibility

Main Question: Does your solution allow for cloud-based, mobile-based, and/or web-based usage?

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - Document Management

Main Question: Does your solution have matter-centric functions which allow users to create matters and automatically organise and save any documents, emails and notes to folders in the workspaces?

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Q3 🔴 Mandatory - Document Categorisation and Tagging

Main Question: Does your solution allow document categorisation and tagging which allows users to distinguish between motions, orders, pleadings, complaints and contracts etc.?

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🟡 Preferred - Automatic Document Recognition

Main Question: Does your solution automatically recognise the type of document that is uploaded to it (e.g. affidavit, pleading and contract, etc)?

🟡 Answer: ○ Yes [Next: Q5] ○ No [Next: Q5]

Q5 🔴 Mandatory - Version Control

Main Question: Does your solution allow users to see each iteration of a document, and view, restore, or compare previous versions of every document?

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🟡 Preferred - Data Extraction via OCR

Main Question: Does your solution use Optical Character Recognition (OCR) to identify and extract text from documents?

🟡 Answer: ○ Yes [Next: Q7] ○ No [Next: Q7]

Q7 🟡 Preferred - Search Capabilities

Main Question: Does your solution have index and search functions for files in different formats (e.g. audio, text, image, etc.)?

🟡 Answer: ○ Yes [Next: Q8] ○ No [Next: Q8]

Q8 🟡 Preferred - e-Signing

Main Question: Does your solution provide or integrate an e-signing solution to facilitate instant approval processes?

🟡 Answer: ○ Yes [Next: Q9] ○ No [Next: Q9]

Q9 🔴 Mandatory - Email Management

Main Question: Does your solution have email management functions which allow emails to be stored, indexed and managed? Is your solution integrated with email tools e.g. Microsoft Outlook and Gmail?

🔴 Answer: ○ Yes [Next: Q10] ○ No [⚠️ Cannot Proceed]

Q10 🟡 Preferred - User Authentication

Main Question: Does your solution provide user authentication when access to a file or folder is shared through a link in the email invitation?

🟡 Answer: ○ Yes [Next: Q11] ○ No [Next: Q11]

Q11 🔴 Mandatory - Document Security

Main Question: Does your solution enable users to set access rights (e.g. read, write, delete, etc.) for a folder or a document by user roles?

🔴 Answer: ○ Yes [Next: Q12] ○ No [⚠️ Cannot Proceed]

Q12 🔴 Mandatory - Secure Workspace Sharing

Main Question: Does your solution allow users to securely share workspaces with colleagues, consultants, and clients?

🔴 Answer: ○ Yes [Next: Q13] ○ No [⚠️ Cannot Proceed]

Q13 🔴 Mandatory - Audit Trail

Main Question: Does your solution provide an audit trail to track document access history with username, dates and time stamps?

🔴 Answer: ○ Yes [Next: Q14] ○ No [⚠️ Cannot Proceed]

Q14 🟡 Preferred - Practice Management System Integration

Main Question: Is your solution integrated with at least one Practice Management System?

🟡 Answer: ○ Yes [Next: Q15] ○ No [Next: Q15]

Q15 🟡 Preferred - System Integration

Main Question: Does your solution support integration with other software, such as Document Review and Document Assembly software?

🟡 Answer: ○ Yes [Next: Q16] ○ No [Next: Q17]

--

Q16 🔴 Mandatory Follow-up - System Integration - Elaboration

This question appears only if you answered "Yes" to Q15

Main Question: List the software that your solution can be integrated with.

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q17 🟡 Preferred - AI Features

Main Question: Does your solution incorporate AI in your core features and functions?

🟡 Answer: ○ Yes [Next: Q18] ○ No [Next: Q19]

--

Q18 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q17

Main Question: Describe your AI feature and its benefits. Examples are:

a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify

🔴 Answer: ○ Yes [Next: Q19] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q19 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q20] ○ No [⚠️ Cannot Proceed]

Q20 🔴 Mandatory - Personal Data Protection

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

Compliance Requirement: To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q21] ○ No [⚠️ Cannot Proceed]

Q21 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

Additional Information: If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Qualified Third-Party Definition: Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

🔴 Answer: ○ Yes [Next: Q22] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q22 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q23] ○ No [Next: Q25]

Q23 🟡 Preferred - CEM for Product Principal

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Additional Information: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q24] ○ No [Assessment Finished]

--

Q24 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q23

Main Question: Please specify the following information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Submission Requirements: Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q25 🟡 Preferred - CEM for Resellers

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Additional Information: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q26] ○ No [Assessment Finished]

--

Q26 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q25

Main Question: Please specify the following information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Submission Requirements: Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]